Two external interfaces with UTM-1 NGX R65

I have two Check Point UTM-1 270s running NGX R65 in a HA cluster. I have several VLAN interfaces on the external interface and one non-VLAN (our default route ISP). Routing to and from the private VLANs works fine, but I have just connected a new ISP via a VLAN on the external interface. The connection from the ISP is up and I can PING the interface and its gateway from the appliance, but all incoming traffic, from the internet, is dropped due to 'Address spoofing'. I have created an object for the interface and put in a rule to allow incoming ICMP traffic, but the firewall still drops it due to spoofing.

I understand why this is happening, as the Check Point is only expecting internet traffic to come from the interface with the default route. But, I need the new ISP connection to allow incoming traffic, as it will be NATting traffic to a web site and other services. Since I can't add the entire Internet to the topology of this interface, I am at a loss here. How do I make this happen?

This interface does not need to allow internally initiated outbound traffic (but that would be nice too.)

Never mind. I forgot to specify in the firewall Topology that this was an external interface. I assumed, incorrectly, that if I associated the VLAN with the external interface when I created it, it would default to being external. Guess not.
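
The behaviour described in this thread, as a simplified model of a per-interface anti-spoofing decision (an added example, not Check Point code and not part of the original posts). The interface names, the addresses and the assumption that the new VLAN was first treated as an internal interface defined by its own subnet are all constructed for illustration.

```python
import ipaddress

# Simplified model of per-interface anti-spoofing; not Check Point's implementation.
# Interface names and all addresses are constructed (documentation ranges).

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def is_spoofed(src, iface, topology):
    """True if a packet with source `src` arriving on `iface` would be dropped."""
    addr = ipaddress.ip_address(src)
    entry = topology[iface]
    if entry["type"] == "internal":
        # Internal: only the networks defined behind this interface are valid sources.
        return not any(addr in n for n in entry["networks"])
    # External: every source is valid except addresses that belong behind
    # an interface defined as internal.
    return any(addr in n
               for other in topology.values() if other["type"] == "internal"
               for n in other["networks"])

def build_topology(new_isp_type):
    """Cluster topology with the new ISP VLAN defined as `new_isp_type`."""
    return {
        "eth0":    {"type": "external", "networks": []},   # default-route ISP
        "eth0.20": {"type": new_isp_type,                  # new ISP VLAN
                    "networks": nets("198.51.100.0/29")},
        "eth1":    {"type": "internal", "networks": nets("10.1.0.0/24")},
    }

if __name__ == "__main__":
    # Sources: ISP gateway, an Internet host, a forged internal address.
    for kind in ("internal", "external"):
        topo = build_topology(kind)
        for src in ("198.51.100.1", "203.0.113.10", "10.1.0.5"):
            verdict = "drop (spoofing)" if is_spoofed(src, "eth0.20", topo) else "accept"
            print(f"eth0.20 as {kind:8} src {src:13} -> {verdict}")
```

With the VLAN defined as internal, only the ISP subnet passes, which matches being able to ping the gateway while Internet traffic is dropped; once it is defined as external, Internet sources pass and a forged internal source is still dropped.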
